Error reading service account token from: [/var/run/secrets/kubernetes.io/serviceaccount/token]. Ignoring Error reading service account token from: [/var/run/secrets/kubernetes.io/serviceaccount/token]. Ignoring kubernetes kubernetes

Error reading service account token from: [/var/run/secrets/kubernetes.io/serviceaccount/token]. Ignoring


java kubernetes fabric8

Where is the problem: The current type of your client configuration is incomplete, you are missing the client authentication settings/data part.

Please be aware, when you are running your code from outside the cluster(this type of client configuration is called out-of-cluster client configuration) you need to specify explicitly a bare minimum for successful connection to Kubernetes control-plane from outside.

  1. Kubernetes Master URL
  2. At least one method for user authentication, can be any of:
  • client certificates
  • bearer tokens
  • HTTP basic auth

You see the problem ? - you have specified none of these from the second condition for >> user << authentication (this is a key word here: user)

Right now Java Kubernetes client falls back into Service account based authentication strategy, thinking you are not human but robot (Pod running in context of Service Account).

Putting it technically, client is resolving now to the last resort option:

KUBERNETES_AUTH_TRYSERVICEACCOUNT

(4th on the list of fabric8io/kubernetes-client supported configuration option, check below)

which involves reading in service account token placed into the filesystem inside Pod's container at following path:

/var/run/secrets/kubernetes.io/serviceaccount/token

Officially fabric8io/kubernetes-client java client supports the following ways of configuring the client:

This will use settings from different sources in the following orderof priority:

  • System properties
  • Environment variables
  • Kube config file
  • Service account token & mounted CA certificate <== you client code tries this

System properties are preferred over environment variables. Thefollowing system properties & environment variables can be used forconfiguration

The easiest solution is to rely on Kube config file option to access cluster from outside, e.g.:

public class KubeConfigFileClientExample {  public static void main(String[] args) throws IOException, ApiException {    // file path to your KubeConfig    String kubeConfigPath = System.getenv("HOME") + "/.kube/config";    // loading the out-of-cluster config, a kubeconfig from file-system    ApiClient client =        ClientBuilder.kubeconfig(KubeConfig.loadKubeConfig(new FileReader(kubeConfigPath))).build();    // set the global default api-client to the in-cluster one from above    Configuration.setDefaultApiClient(client);    // the CoreV1Api loads default api-client from global configuration.    CoreV1Api api = new CoreV1Api();    // invokes the CoreV1Api client    V1PodList list =        api.listPodForAllNamespaces(null, null, null, null, null, null, null, null, null, null);    for (V1Pod item : list.getItems()) {      System.out.println(item.getMetadata().getName());    }  }}

Full code sample can be found here.

Recent Posts
How can I color dots in a xy scatterplot according to column value?
How to update a claim in ASP.NET Identity?
What does {0} mean when initializing an object?
Accessing members of items in a JSONArray with Java
How to log SQL statements in Spring Boot?
Powershell Get-WebSite name parameter is ignored
How to detect scroll to bottom of html element
Java synchronized method
How to test controllers with CodeIgniter?
Detect Visual Composer
Matplotlib: Specify format of floats for tick labels
Rails join a list of strings with commas and "and" before the last